Your Router May Be Infected To Serve Up Fake Ads

If you have never heard the term “steganography,” you’re not alone. It’s the art and science of hiding code inside image data.

When used by hackers, it is one of the most difficult attack vectors to detect, because honestly, few people consider images to be more than window dressing for the web. That is, in fact, exactly what the hackers are counting on.

Recently, a series of malicious ads have been found on a wide range of legitimate websites. When they are displayed, the code embedded in them redirects site visitors to a hacker-controlled page containing an exploit kit called “DNSChanger,” which attacks vulnerable routers.

The attack is highly complex, and not something that an un- or semi-skilled hacker would be capable of. First, the ads check the viewer’s IP address against a target list. If the address falls outside the specified range, then a dummy ad is displayed with no additional code.

If, on the other hand, the address falls within the hacker’s target range, the next phase of the attack begins, and the viewer is served a hidden image that contains code designed to exploit the user’s router. Once it has been breached, the next move is at the hacker’s discretion, but he has essentially unfettered system access. The hacker can monitor all network traffic and pilfer sensitive data like passwords, bank account and credit card numbers and the like.

The best way to minimize the risk of such an attack is to ensure that your router is running the latest firmware. Based on an analysis of the code discovered in these images, the hackers have a database of more than 160 different router models and firmware versions they can check your equipment against, making their pool of potential targets vast indeed.